LLMpedia: The first transparent, open encyclopedia generated by LLMs

NX bit

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
NX bit
Name: NX bit
Type: Hardware feature
Introduced: 1995–2003
Architectures: x86, x86-64, ARM, MIPS, PowerPC
Also known as: Execute Disable Bit, XD, XN, Execute Never


The NX bit is a processor-level feature that marks memory pages as non-executable, so that the CPU refuses to fetch instructions from pages intended to hold data. It is implemented across multiple processor families and is coordinated with the operating system to mitigate exploit classes such as buffer overflows and certain return-oriented programming attacks. The feature influenced processor designs by Intel Corporation, Advanced Micro Devices, ARM Holdings, MIPS Technologies, and IBM, and shaped security practices in projects such as OpenBSD, the Linux kernel, Microsoft Windows, and macOS.

Overview

The NX bit provides page-granular execute permission, separating execution rights from read and write rights within the virtual memory subsystem of processors such as the Intel Pentium III, AMD Athlon 64, ARMv7-A, MIPS32, and POWER7. Hardware vendors such as Intel Corporation and Advanced Micro Devices exposed this capability as control flags, branded by Intel Corporation as Execute Disable (XD) and by AMD as the No Execute (NX) bit. Operating systems including Microsoft Windows NT, the Linux kernel, FreeBSD, NetBSD, OpenBSD, and macOS integrate support for the feature into memory management subsystems such as the Memory Management Unit and the page table handling code. The capability complements software mitigations such as Address Space Layout Randomization (ASLR), stack canaries, SELinux, and Control Flow Integrity.

History and Development

Early discussions of non-executable memory trace to research by teams at institutions such as MIT and companies including Digital Equipment Corporation and Sun Microsystems during the 1980s and 1990s, with experimental support appearing in systems such as VAX and in research on stack-smashing defenses. Commercial deployment accelerated in the late 1990s and early 2000s after high-profile vulnerabilities affecting Microsoft Windows 95, Windows 98, and Internet Explorer raised interest in hardware-assisted protections. AMD introduced NX support in the AMD64 architecture with the Opteron and Athlon 64 product lines, while Intel Corporation added XD support to later Pentium 4 and Intel Core families following industry pressure and coordination with US-CERT guidance. Collaboration between vendors, standards groups such as the Open Group, and open-source projects including NetBSD and the Linux kernel accelerated adoption across server platforms used by companies such as Google, Amazon, Facebook, and IBM.

Technical Implementation

Processor implementations expose an execute-disable flag either in page table entries or via architecture-specific translation structures such as the Translation Lookaside Buffer mappings found in x86-64 and ARMv8-A systems. On x86 the feature uses a bit in the PML4, page directory, and page table entries of the extended paging modes; AMD used the No Execute bit in the page-attribute table, while Intel implemented Execute Disable in later microarchitectures. On ARM the feature exists as an XN bit in page table descriptors for ARMv7-A and as an execute-never attribute in ARMv8-A stage-1 translations used by ARM TrustZone and the virtualization extensions. Enforcement interacts with Supervisor mode, User mode, the Interrupt Descriptor Table, and System Management Mode semantics, and with features such as NX-aware kernel hardening and SMEP/SMAP on Intel microarchitectures. Implementations must still provide executable mappings for just-in-time compilers used by the Java Virtual Machine, V8, the .NET Framework, Mono, and WebAssembly runtimes, typically by toggling a region between writable and executable at runtime and synchronizing the change with cache coherence and instruction cache invalidation.
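To make the page-table mechanics concrete, here is an added example (not from the article or any vendor's code) that decodes the flag bits of an x86-64 leaf page-table entry, models the dependency on the IA32_EFER.NXE enable bit, and flags pages that are both writable and executable; the sample entries are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flag bits of an x86-64 leaf page-table entry. Bit 63 is NX (AMD) / XD
 * (Intel); the CPU honours it only while IA32_EFER.NXE is set. */
#define PTE_PRESENT   (1ULL << 0)
#define PTE_WRITABLE  (1ULL << 1)
#define PTE_USER      (1ULL << 2)
#define PTE_NX        (1ULL << 63)
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL   /* bits 12..51: 4 KiB frame */

typedef struct {
    bool present, writable, executable;
    uint64_t frame;   /* physical frame address, page-aligned */
} page_perms;

/* Decode one PTE into effective permissions. nxe mirrors IA32_EFER.NXE:
 * with it clear, bit 63 is ignored and every present page is executable. */
page_perms decode_pte(uint64_t pte, bool nxe)
{
    page_perms p = {0};
    p.present = (pte & PTE_PRESENT) != 0;
    if (!p.present)
        return p;                       /* unmapped: no rights at all */
    p.writable   = (pte & PTE_WRITABLE) != 0;
    p.executable = nxe ? (pte & PTE_NX) == 0 : true;
    p.frame      = pte & PTE_ADDR_MASK;
    return p;
}

/* W^X audit: a present page that is both writable and executable is what
 * a JIT must not leave behind and what classic code injection relies on. */
bool violates_wx(uint64_t pte, bool nxe)
{
    page_perms p = decode_pte(pte, nxe);
    return p.present && p.writable && p.executable;
}

int main(void)
{
    /* Constructed entries: NX stack page, text page, RWX JIT page. */
    uint64_t samples[] = { 0x800000000007F007ULL, 0x400005ULL, 0x600007ULL };
    for (int i = 0; i < 3; i++) {
        page_perms p = decode_pte(samples[i], true);
        printf("pte %#018llx frame %#llx %c%c%c%s\n",
               (unsigned long long)samples[i], (unsigned long long)p.frame,
               p.present ? 'r' : '-', p.writable ? 'w' : '-',
               p.executable ? 'x' : '-', violates_wx(samples[i], true) ? " W^X!" : "");
    }
    return 0;
}
```

Passing nxe as false reproduces the pre-NX behaviour, where the same stack entry decodes as executable.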

Operating System Support

Major operating systems integrated NX-bit handling into memory allocators, process loaders, and security policies. The Linux kernel exposes NX controls via configuration options and uses them alongside the PaX and Grsecurity patches; distributions such as Debian, Red Hat Enterprise Linux, and Ubuntu enable NX-based protections by default on supported hardware. Microsoft Windows NT family products including Windows XP Service Pack 2, Windows Server 2003, Windows 7, and later include Data Execution Prevention, which relies on XD/NX support. OpenBSD and NetBSD enforced non-executable stacks and heaps early, while FreeBSD adopted support for the hardware bit and additional mitigations. Mobile and embedded operating systems such as Android and iOS employ the feature on ARM SoCs from Qualcomm, Apple Inc., and Broadcom to harden applications and system services.

Security Impact and Exploits

The NX bit mitigates traditional stack buffer overflow exploits that rely on injecting shellcode into a writable memory region and executing it directly, reducing the viability of the classic code injection techniques used by worms such as the Blaster worm and by exploits for vulnerabilities in Microsoft Internet Explorer. Attackers adapted by developing techniques such as return-to-libc, return-oriented programming, jump-oriented programming, and heap spraying, which reuse existing executable code to bypass non-executable protections; these techniques in turn influenced defenses such as Control-Flow Enforcement Technology (Intel CET) and kernel-level mitigations in SELinux-enabled distributions. High-profile vulnerabilities and exploit chains affecting products from Adobe Systems and Oracle Corporation illustrated the limitations of NX-only defenses, prompting the combined use of NX with ASLR, DEP, and other exploit mitigations in exploit mitigation frameworks.

Variants and related technologies include Intel's Execute Disable (XD), AMD's No Execute (NX), ARM's Execute Never attribute, and the PowerPC implementations in POWER8/POWER9. Complementary features include Supervisor Mode Execution Prevention (SMEP), Supervisor Mode Access Prevention (SMAP), Intel Control-flow Enforcement Technology (CET), ARM Pointer Authentication, and the ARM Memory Tagging Extension. Related processor-level protections such as Trusted Execution Technology (Intel TXT), ARM TrustZone, and the virtualization features in Intel VT-x and AMD-V interoperate with NX semantics in hypervisors such as Xen, KVM, and Microsoft Hyper-V. Hardware security modules from vendors including Hewlett-Packard, Dell Technologies, and Cisco Systems benefit from NX-style enforcement for firmware and management interfaces.
